From 7ae469dbc79fb5ade2af9c98f85bf7417aeef82b Mon Sep 17 00:00:00 2001
From: Ian Young <ian@iay.org.uk>
Date: Tue, 31 Jul 2012 15:14:55 +0000
Subject: [PATCH] Be more insistent about "long" expired certificates in the
 hope that we can prioritise those. "Long" defined arbitrarily for now at 180
 days (about six months).

---
 build/check_embedded.pl | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/build/check_embedded.pl b/build/check_embedded.pl
index ae8e8e39..9ad429c9 100755
--- a/build/check_embedded.pl
+++ b/build/check_embedded.pl
@@ -1,4 +1,5 @@
 #!/usr/bin/perl -w
+use POSIX qw(floor);
 use File::Temp qw(tempfile);
 use Date::Parse;
 use Digest::SHA1 qw(sha1 sha1_hex sha1_base64);
@@ -204,7 +205,10 @@ sub comment {
 			if (/Not After : (.*)$/) {
 				$notAfter = $1;
 				$days = (str2time($notAfter)-time())/86400.0;
-				if ($days < 0) {
+				if ($days < -180) {
+					my $d = floor(-$days);
+					error("EXPIRED LONG AGO ($d days)");
+				} elsif ($days < 0) {
 					error("EXPIRED");
 				} elsif ($days < 18) {
 					$days = int($days);